U.S. Cyber Command leader and NSA director Gen. Keith Alexander made the information public on Tuesday in a briefing to the Senate Armed Services Committee, in which he testified, "I can't go into the specifics here, but we do see [thefts] from defense industrial base companies. There are some very public [attacks], though. The most recent one was the RSA exploits."

Indeed, a massive amount of intellectual property is being stolen from both the public and private sector by Chinese hackers, according to Gen. Alexander. The U.S. has done precious little to protect its own economic prosperity, as it has been overwhelmed by the Chinese thieves. One official in past commentary graphically described a cyberwarfare campaign of an unnamed nation state (suspected to be China) as "raping" the world.

Whether the Chinese government is perpetrating these attacks first hand, sponsoring third parties to conduct them, or merely condoning corporate interests to conduct them is almost as hazy as the sketchy financial ties the Chinese government holds to many of its private sector businesses (to be fair, such allegations have increasingly been raised about the U.S. gov't).

But at the end of the day, the result is the same -- the destruction of the U.S. economy at the hands of the Chinese attackers.

Spearphishing and an unreleased Flash exploit allowed China to hack the RSA standard and steal secrets from U.S. DOD contractors, according to NSA testimony.

U.S. companies who speak out against the attacks are threatened by the Chinese. The Chinese government is more than willing to ban U.S. firms that rock the boat, locking them out of the lucrative emerging market of almost 1 billion internet-active device users.

Complains Gen. Alexander, "We need to make it more difficult for the Chinese to do what they're doing. Intellectual property isn't well protected, and we can do a better job at protecting it."

The security official shared interesting details of the attack. He says the RSA hack used a zero-day (unreleased) exploit of Adobe Systems Inc.'s (ADBE) Flash player (somewhere the spirit of Steve Jobs is smirking) and used "spearphishing" (targeted phishing) to get an RSA employee to click on the offending executable, resulting in backdoors being installed on the company's servers. Ironically, the Subcommittee hearings were livecast using Flash.

Gen. Alexander responded, "Industry has a bunch of signatures, government has those too. All of us need to work together to provide the best set of signatures."

He then countered that private sector communications efforts have been hindered by red tape. He compares the situation to a bank robbery in which no one can tell the police. He points to one incident in which the NSA detected 3 GB of data being stolen, stating, "I think that industry should have the ability to see these attacks and share them with us in real time. It's like neighborhood watch. Somebody is breaking into a bank, and somebody needs to be in touch with the police to stop it."

Is the U.S. surrendering its future by allowing China to victimize its businesses and defenses with no response? The hacks may go down in U.S. history as the nation's first unofficial surrender.

On the upside, Gen. Alexander says DOD efforts to establish a Cyber Command outpost at every major geographical and functional Combatant Command branch are coming along nicely. He points to a major recent combat exercise at Nellis Air Force Base as a sign of that progress.

So if I murder someone in cold blood, can I get sent to the military instead of sitting in jail?

If I start a bar fight unprovoked and beat 3 guys up half to death, instead of jail time can I be sent to the MMA?

You're talking about treating cyber crimes like a doorway to a great career opportunity, instead of a serious and punishable crime. Even paying them like $50k a year?

I don't think I'm "pro jail". I think if you commit a crime that warrants jail time, you should be punished for that crime and serve that sentence. Isn't that the whole point?

You've obviously never been a victim of ID theft or had your credit card number stolen by hackers and misused. If you had, I'm pretty sure you'd find the idea of your tax dollars going to paying their salary, when they should be in jail after costing you years of pain and aggravation, disgusting.

LOL Deep end? Questioning the logic of freeing prisoners for the purpose of state sponsored cyber terrorism against China, not to mention the legal precedent this might set up, is going off the deep end?

What happened to Daily Tech all of a sudden? I would have thought someone proposing what literally amounts to another Cold War in the form of focused state-sponsored cyber attacks against another superpower would have been flamed down. Wouldn't this just escalate the issue as both sides become more and more flamboyant and innovative in their methods?

Oh and who exactly is going to implement this plan of yours? Obama? HA! I can really see that happening. Can you?

Your idea is a bunch of feel good bullshit that sounds great, I admit, but you haven't thought it through.

Plenty of people working in cryptography and antivirus started out as hackers and phreakers. The vast majority of them grow out of it by the time they meet girls, start a family and need a job to support them. They quickly realise they have a unique skill set that pays handsomely.

The goal would not be to get the hackers to attack China, but to use their skills to find holes in the defenses, and use their expertise to shore them up.

It was an analogy and an important question. I think it's valid. If we're going to start releasing hackers from prison because they have a valuable tool set that can be utilized, what about other types of criminals? Bank robbers now become "vault security technicians", money launderers become valued "currency manipulation consultants", the list goes on and on. Granted using murder was extreme, a mistake on my part. But do you get my drift?

I'm convinced tayb in his armchair quarterbacking style of declaring "problem solved", didn't actually think of the ramifications of his idea. Also, how does us attacking China with hackers mean the problem of them attacking us is "solved"? Offense is NOT really a defense in this case.

This whole thing is fantasy anyway. There's no way to secretly remove people from prison and put them to work in this manner without someone finding out and breaking the story. And nobody has the political willpower to do something like this above board. So as soon as the media and public got a whiff of this, the jig would be up.

Not to mention that the entire thing rests on the premise that hackers sitting in prison are still the aforementioned experts on security and intrusion prevention. Sorry but I don't buy that as a general assessment.

Well, let's see, does the government build safes and safe technology in order to improve the national security of monetary deposits? No.

"currency manipulation consultants" already exist and work in droves at the fed and treasury. Using the criminals would be a step up here.

You don't need the hackers to attack China. They don't have anything worth stealing anyway. What you need hackers for is to continually attack domestic networks without causing damage, or as little as possible. You want them to hack the same stuff as the Chinese hack, before the Chinese hack it, so that you can secure it against them.

And secretly remove from prison? lol, are you so stuck in thinking in totalitarian terms? Just offer them a choice when they get caught. Either go to jail or sign a job contract of the same length. One has possibly electronic house arrest and monitoring software, the other ass rape. And in case you didn't know, the majority of hackers isn't exactly physically fit.

And build a super, super secure webpage and server. Put a single file on there containing contact information where to apply for the security job for the government. Then put out an open call to hackers to hack it, then wait for the applications to fill in. They won't cause damage and you've got somebody with already a base level skill, which can then be heightened through training.

But no, you're right. Let's send everybody to prison, it has worked so well in the past. Every person walking out of there is a shining beacon of reformed model citizen, so it'll be a far better option than anything... "productive".

LOL a "super super secure" webserver. But not like those other super super secure ones that China can apparently hack. NO this one will be super duper commie proof.

quote: Well, let's see, does the government build safes and safe technology in order to improve the national security of monetary deposits? No.

Pretty sure our government USES safes. Safes that can, and have, been broken into or compromised by foreign spies and agents. Read a book sometime please.

What about stolen documents? That's never happened? Let's just let thieves out of prison and put them to work helping us defend those documents!

But anyway, what's with being super literal? Are you really saying I have no point at all? Please, we both know better than that. You just don't want to see any other side to this.

quote: Just offer them a choice when they get caught. Either go to jail or sign a job contract of the same length.

What about the victims? What kind of justice is this? No trial by jury of their peers? No due process?

I heard of making deals before, but this takes the cake. House arrest and paying someone, according to tayb, $50k a year because they broke the law. Man that's just brilliant.

quote: But no, you're right. Let's send everybody to prison, it has worked so well in the past. Every person walking out of there is a shining beacon of reformed model citizen, so it'll be a far better option than anything... "productive".

Oh and the point of prison isn't to reform people. It's to protect society by keeping those who've proven they cannot function within that society away from it.

I think your issue, and tayb's, is the Hollywood portrayal of hackers. That they are just good wholesome kids having some fun and not really meaning to hurt anyone. Well it's time to wake up. Hacking and cyber crimes are serious and should be treated as such. They hurt REAL people and cause real damage. This isn't a joke.

We don't NEED convicted criminals to defend us from China. The premise here is beyond absurd. You should be ashamed of yourself. Please grow up.

quote: So if I murder someone in cold blood, can I get sent to the military instead of sitting in jail?

How are you making the jump from "hacking" to "murder"? Only one of those two is considered "wrong" on both a moral and social level by most people. Hacking is illegal but if wittle trayvon was hacked by a 1/2 white guy rather than shot & killed, I wonder if we'd have all the racist blacks protesting like we do now.

quote: If I start a bar fight unprovoked and beat 3 guys up half to death, instead of jail time can I be sent to the MMA?

Another problem with this hypothetical question and your first one is that neither provides a service to the USA that only a small portion of the population can do. Just about anyone can be taught to shoot someone and perform basic military service... and many people can be trained as MMA fighters as long as they're in good physical condition, but the talent and skills required to crack complex code are not something you can "train" someone to do and it's not an ability that many people have.

quote: You're talking about treating cyber crimes like a doorway to a great career opportunity, instead of a serious and punishable crime. Even paying them like $50k a year?

Not really - it's more like they'd be doing "community service" under close watch - a service which benefits the USA and makes the $40K per year taxpayer cost of feeding and housing them more palatable. Having them sit and rot in their cells is proving to be little more than a Pyrrhic victory for the USA as a nation.

Considering that most hackers do not single out individuals, the "crimes" they are accused of really don't have the social impact on people that something like assault or murder does. At worst you are inconvenienced by having to cancel some credit cards and open up new bank accounts - yeah man, that's harsh.

quote: I don't think I'm "pro jail". I think if you commit a crime that warrants jail time, you should be punished for that crime and serve that sentence. Isn't that the whole point?

No, it's not the whole point. A modern society should always give people a chance to right their wrongs rather than taking a moronic "throw em all into jail and lose the key" approach which benefits neither the country nor the prisoner.

At a fundamental level, hackers typically do what they do just to see if they can do it. If that is their intent and they act without malice, then sentencing them to "national community service" as state-sponsored hackers is perfectly sound.

quote: You've obviously never been a victim of ID theft or had your credit card number stolen by hackers and misused. If you had, I'm pretty sure you'd find the idea of your tax dollars going to paying their salary, when they should be in jail after costing you years of pain and aggravation, disgusting.

Pain? No. Aggravation is the extent of it... and being a nuisance is hardly a justification to keep someone locked up. Credit cards will not hold you liable for fraudulent activity and neither will most banks.